[gentoo-user] Can't satisfy GLSA 200801-19 - gentoo-user

From:	Michael Sullivan <michael@××××××××××××.com>
To:	gentoo-user <gentoo-user@l.g.o>
Subject:	[gentoo-user] Can't satisfy GLSA 200801-19
Date:	Mon, 11 Feb 2008 15:24:55
Message-Id:	`1202743481.11296.2.camel@camille.espersunited.com`

1

camille ~ # glsa-check -t all

2

This system is affected by the following GLSAs:

3

200801-19

4

camille ~ # glsa-check -d 200801-19

5

             GLSA 200801-19: 

6

GOffice: Multiple vulnerabilities             

7

============================================================================

8

Synopsis:          Multiple vulnerabilities in GOffice could result in

9

the

10

                   execution of arbitrary code.

11

Announced on:      January 30, 2008

12

Last revised on:   January 30, 2008: 01

13

14

Affected package:  x11-libs/goffice

15

Affected archs:    All

16

Vulnerable:        <0.6.1

17

Unaffected:        >=0.6.1 >=~0.4.3

18

19

20

Related bugs:      198385

21

22

Background:        GOffice is a library of document-centric objects and

23

                   utilities based on GTK.

24

25

Description:       GOffice includes a copy of PCRE which is vulnerable

26

to

27

                   multiple buffer overflows and memory corruptions

28

                   vulnerabilities (GLSA 200711-30).

29

30

Impact:            An attacker could entice a user to open specially

31

crafted

32

                   documents with GOffice, which could possibly lead to

33

the

34

                   execution of arbitrary code, a Denial of Service or

35

the

36

                   disclosure of sensitive information.

37

38

Workaround:        There is no known workaround at this time.

39

40

Resolution:        All GOffice 0.4.x users should upgrade to the latest

41

                   version:

42

43

                   # emerge --sync

44

                   # emerge --ask --oneshot --verbose

45

                   ">=x11-libs/goffice-0.4.3"

46

                   All GOffice 0.6.x users should upgrade to the latest

47

                   version:

48

49

                   # emerge --sync

50

                   # emerge --ask --oneshot --verbose

51

                   ">=x11-libs/goffice-0.6.1"

52

53

References:       

54

                   GLSA-200711-30:

55

http://www.gentoo.org/security/en/glsa/glsa-200711-30.xml

56

57

58

camille ~ # emerge -pv ">=x11-libs/goffice-0.6.1"

59

60

These are the packages that would be merged, in order:

61

62

Calculating dependencies... done!

63

[ebuild   R   ] x11-libs/goffice-0.6.1  USE="gnome -debug" 0 kB 

64

65

Total: 1 package (1 reinstall), Size of downloads: 0 kB

66

67

I've emerged this several times and glsa-check still claims it needs to

68

be fixed.  Why?

69

70

--

71

gentoo-user@l.g.o mailing list

Gentoo Archives: gentoo-user

Replies

1	camille ~ # glsa-check -t all
2	This system is affected by the following GLSAs:
3	200801-19
4	camille ~ # glsa-check -d 200801-19
5	GLSA 200801-19:
6	GOffice: Multiple vulnerabilities
7	============================================================================
8	Synopsis: Multiple vulnerabilities in GOffice could result in
9	the
10	execution of arbitrary code.
11	Announced on: January 30, 2008
12	Last revised on: January 30, 2008: 01
13
14	Affected package: x11-libs/goffice
15	Affected archs: All
16	Vulnerable: <0.6.1
17	Unaffected: >=0.6.1 >=~0.4.3
18
19
20	Related bugs: 198385
21
22	Background: GOffice is a library of document-centric objects and
23	utilities based on GTK.
24
25	Description: GOffice includes a copy of PCRE which is vulnerable
26	to
27	multiple buffer overflows and memory corruptions
28	vulnerabilities (GLSA 200711-30).
29
30	Impact: An attacker could entice a user to open specially
31	crafted
32	documents with GOffice, which could possibly lead to
33	the
34	execution of arbitrary code, a Denial of Service or
35	the
36	disclosure of sensitive information.
37
38	Workaround: There is no known workaround at this time.
39
40	Resolution: All GOffice 0.4.x users should upgrade to the latest
41	version:
42
43	# emerge --sync
44	# emerge --ask --oneshot --verbose
45	">=x11-libs/goffice-0.4.3"
46	All GOffice 0.6.x users should upgrade to the latest
47	version:
48
49	# emerge --sync
50	# emerge --ask --oneshot --verbose
51	">=x11-libs/goffice-0.6.1"
52
53	References:
54	GLSA-200711-30:
55	http://www.gentoo.org/security/en/glsa/glsa-200711-30.xml
56
57
58	camille ~ # emerge -pv ">=x11-libs/goffice-0.6.1"
59
60	These are the packages that would be merged, in order:
61
62	Calculating dependencies... done!
63	[ebuild R ] x11-libs/goffice-0.6.1 USE="gnome -debug" 0 kB
64
65	Total: 1 package (1 reinstall), Size of downloads: 0 kB
66
67	I've emerged this several times and glsa-check still claims it needs to
68	be fixed. Why?
69
70	--
71	gentoo-user@l.g.o mailing list